- Buy 3 months of Xbox Game Pass Ultimate for 28% off, here's how
- Best early Prime Day monitor deals to shop in October 2024
- Upgrade to Windows 11 Pro for $18 - a new low price
- Setting Up Your Network Security? Avoid These 4 Mistakes
- Buy a Microsoft Office license for Mac or Windows for $25 right now
Media Firms Twice as Exposed to Compromise
The percentage of media companies susceptible to compromise is double the figure across all other sectors, according to a new study from BlueVoyant.
The security vendor used its tools to perform a cybersecurity posture analysis on 485 organizations from the media industry to compile its Media Industry Cybersecurity Challenges report.
It found that 30% of those analyzed are exposed to compromise via vulnerabilities in their internet-facing, publicly accessible footprints. Exploitation of these vulnerabilities could lead to content theft and/or operational disruption.
However, prompt patching remains a challenge: 60% of identified vulnerable systems were still unprotected six weeks after a patch had been issued, BlueVoyant said.
Part of the challenge for the sector is the complexity of the supply chain, which might incorporate a wide variety of vendors, service providers, partners and technologies to move a creative idea from concept to camera to consumer, the report claimed.
“The digital supply chain is a common attack vector not only for the media, but all industries,” argued Dan Vasile, BlueVoyant vice president of strategic development and former vice president of information security at Paramount.
“In order to improve their cyber-defense posture, media companies should continuously monitor their extended vendor ecosystem, using analysis to prioritize mitigation of the most critical findings.”
Half of the top vendors providing content management solutions to the media industry were found to have vulnerabilities in their products, according to the report.
To enhance supply-chain security, BlueVoyant recommended media companies:
- Identify and prioritize vendors, focusing on their criticality to content creation and delivery, and access to critical systems
- Continuously monitor the supply chain using contextual analysis to prioritize serious vulnerabilities. Questionnaires and point-in-time scans are no longer sufficient
- Use platforms to proactively track how critical vendors are addressing externally visible vulnerabilities and misconfigurations and work with them to minimize attack-surface risk